Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 3.4.9
- None
Description
When an SSL connection has been validated with fingerprint validation, any use of mysql_change_user fails with: TLS/SSL error: Certificate verification failure: The certificate is NOT trusted. (errno: 2026, sqlstate: HY000)
mysql_change_user reuses the connection code, but the server doesn't send the fingerprint hash (expected). Certificates are already validated, so fingerprint validation must be skipped.
To reproduce using the MariaDB Python driver:
    def test_change_user2(self):
        cursor = self.connection.cursor()

        cursor.execute("drop user if exists foo")
        cursor.execute("create user foo IDENTIFIED BY 'heyPassw-!µ20§rd'")
        cursor.execute("GRANT ALL on *.* TO foo")

        cursor.execute("drop user if exists foo2")
        cursor.execute("create user foo2 IDENTIFIED BY 'heyPassw-!µ20§rd'")
        cursor.execute("GRANT ALL on *.* TO foo2")

        new_conn = create_connection({'user': 'foo', 'password': 'heyPassw-!µ20§rd', 'ssl': True})
        try:
            new_conn.change_user("foo2", "heyPassw-!µ20§rd", "")
            self.assertEqual("foo2", new_conn.user)
        finally:
            cursor.execute("drop user foo")
            cursor.execute("drop user foo2")

        del new_conn
        del cursor

The test can be launched with something like:
MARIADB_PYTHON_CONNECTOR=c TEST_DB_HOST=myhost.duckdns.org TEST_DB_PORT=3306 TEST_DB_USER=root TEST_DB_DATABASE=testp python -m pytest tests/integration/test_nondbapi.py::CursorTest::test_change_user2 -v
(Don't use a loopback address, or the fingerprint is automatically validated.)